Nikto Scan on WHM: Outdated software

I did a few scans on some WHM servers and noticed that it lists quite a lot of vulnerabilities on a default install. The most important are that Apache and OpenSSL are out of date.

Apache 2.2.15 has some vulnerabilities that allow attackers to crash a server.

Is there any document or guide to update Apache on WHM to httpd-2.2.3-43.el5.centos.3? I know it's not supported, just wondering.

I also was wondering how it is possible that nikto finds software on a server like phpnuke, solaris, etc. although those files shouldn't even be accessible? Keep in mind, it was a default WHM installation.

You all should run a nikto test, that tool finds some pretty interesting stuff on WHM servers.

Hello,
It is possible to upgrade Apache to 2.2.17 with EasyApache. You can also upgrade OpenSSL from source; if you are going to do so, make sure to do the following: upgrade OpenSSH, BIND, curl, Apache, etc.

There are a lot of packages that need OpenSSL. I hope you are scanning for PCI DSS.

In regards to OpenSSL, it may be that Nikto is looking only at the version number (such as 0.9.8e-12.el5_4.6) but not taking into consideration that some vendors backport patches without increasing the main version number. In other words, OpenSSL 0.9.8e-12.el5_4.6 in CentOS is not the same as 0.9.8e from openssl.org. You can see this by going here [openssl.org] and observing the date:

You can also see which CVEs have been fixed in the OpenSSL package you have installed by using this command:

Code:

# rpm -q --changelog openssl | less

sOliver said:

I also was wondering how it is possible that nikto finds software on a server like phpnuke, solaris, etc. although those files shouldn't even be accessible? Keep in mind, it was a default WHM installation.

You all should run a nikto test, that tool finds some pretty interesting stuff on WHM servers.

Thanks,
Oliver

Those are false positives. In other words, Nikto erroneously thinks that it has found phpnuke and other things that don't exist on a default installation of cPanel. This can be verified by doing the following:

In one terminal, as root, log all TCP traffic on the loopback interface on port 80 to a file called nikto.scan:

Code:

# tcpdump -Annvvs 1500 -i lo port 80 >> nikto.scan

Then, in another terminal as a regular user, run Nikto against localhost:

Code:

$ ./nikto.pl -host 127.0.0.1

Note: when the scan finishes, hit ctrl+c to stop tcpdump from logging.

Note the "404 Not Found" near the top of the response, indicating that the file "search.php" does not exist. Therefore the request is invalid. I'm not sure why Nikto flags this as an issue. If in doubt, just browse to the following URL:

Note: replace "example.com" with the hostname or IP address of your server.

My server displays the following message:

Code:

Not Found
The requested URL /search.php was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_jk/1.2.30 Server at example.com Port 80

This is also the case for the other PHP and ASP files Nikto believes exist, such as:
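
Added example, not part of the original posts: a Python sketch that reads a capture like the nikto.scan file from the steps above and pairs each request with the status code returned on the same client port, so the paths the server answered with 404 can be listed. The function names and the sample capture are constructed for illustration, and real tcpdump output varies by version.

```python
import re
from collections import defaultdict, deque

# "src.port > dst.port:" from the per-packet summary that tcpdump -nn prints
FLOW = re.compile(r"\d+\.\d+\.\d+\.\d+\.(\d+) > \d+\.\d+\.\d+\.\d+\.(\d+):")
# No anchor: with -A the request line follows the printed IP/TCP header bytes
REQUEST = re.compile(r"(GET|HEAD|POST|OPTIONS|TRACE) (\S+) HTTP/1\.[01]")
STATUS = re.compile(r"HTTP/1\.[01] (\d{3})\b")

def pair_requests(capture, server_port=80):
    """Pair each request with the next response on the same client port."""
    pending = defaultdict(deque)    # client port -> requests awaiting a response
    results = []                    # (method, path, status)
    client, to_server, seen = None, False, True
    for line in capture.splitlines():
        flow = FLOW.search(line)
        if flow:                    # new packet: note its direction
            src, dst = int(flow.group(1)), int(flow.group(2))
            to_server = dst == server_port
            client = src if to_server else dst
            seen = False            # -vv may print the first line twice
        elif not seen and to_server and (m := REQUEST.search(line)):
            pending[client].append(m.groups())
            seen = True
        elif not seen and not to_server and (m := STATUS.search(line)):
            if pending[client]:
                results.append((*pending[client].popleft(), int(m.group(1))))
            seen = True
    return results

def not_found(results):
    """Paths the server answered with 404, i.e. files that do not exist."""
    return sorted({path for _, path, status in results if status == 404})

# Constructed sample in the shape of `tcpdump -Annvvs 1500 -i lo port 80` output
SAMPLE = """\
    127.0.0.1.40000 > 127.0.0.1.80: Flags [P.], seq 1:69, ack 1, length 68: HTTP, length: 68
\tGET /search.php HTTP/1.1
E..x..@.@.......PGET /search.php HTTP/1.1
    127.0.0.1.40001 > 127.0.0.1.80: Flags [P.], seq 1:60, ack 1, length 59
E..o..@.@........GET /index.html HTTP/1.1
    127.0.0.1.80 > 127.0.0.1.40001: Flags [P.], seq 1:200, ack 60, length 199
E.....@.@........HTTP/1.1 200 OK
    127.0.0.1.80 > 127.0.0.1.40000: Flags [P.], seq 1:249, ack 69, length 248
E..,..@.@........HTTP/1.1 404 Not Found
"""

if __name__ == "__main__":
    print(not_found(pair_requests(SAMPLE)))
```

To use it on a real capture, pass the contents of nikto.scan to pair_requests() and compare the 404 paths with the items Nikto reported.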